Add ZAP Full Scan support to DAST vendored template

author: Victor Zagorodny <vzagorodny@gitlab.com> 2019-04-26 16:53:17 +0300
committer: Achilleas Pipinellis <axil@gitlab.com> 2019-04-26 16:53:17 +0300
commit: 478cf29c39e108eace1d9bfd2a3e17d67186642a (patch)
tree: 3064a9d658278046edb77162aed30b9409a33a78 /lib/gitlab/ci
parent: 5389ff6e93abf25485bf058661906d419aee7e7e (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
index 2a90cc9a06c..fd7fac5dcab 100644
--- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
@@ -30,6 +30,7 @@ dast:
     - |
       function dast_run() {
         docker run \
+        --env DAST_FULL_SCAN_ENABLED \
         --env DAST_TARGET_AVAILABILITY_TIMEOUT \
         --volume "$PWD:/output" \
         --volume /var/run/docker.sock:/var/run/docker.sock \
@@ -46,7 +47,8 @@ dast:
           --auth-username $DAST_USERNAME \
           --auth-password $DAST_PASSWORD \
           --auth-username-field $DAST_USERNAME_FIELD \
-          --auth-password-field $DAST_PASSWORD_FIELD
+          --auth-password-field $DAST_PASSWORD_FIELD \
+          --auth-exclude-urls $DAST_AUTH_EXCLUDE_URLS
       else
         dast_run
       fi
author	Victor Zagorodny <vzagorodny@gitlab.com>	2019-04-26 16:53:17 +0300
committer	Achilleas Pipinellis <axil@gitlab.com>	2019-04-26 16:53:17 +0300
commit	478cf29c39e108eace1d9bfd2a3e17d67186642a (patch)
tree	3064a9d658278046edb77162aed30b9409a33a78 /lib/gitlab/ci
parent	5389ff6e93abf25485bf058661906d419aee7e7e (diff)